It was only recently did I start tinkering with the ASP.NET 2.0 Theme feature to supply the pages and controls with styling via CSS files located in the App_Themes directory. It never dawn on me back then, why the login page - the application's using Forms Authentication - always appear unstyled despite the resultant HTML source exhibiting the entire lot of CSS files being reference. Once I logged in, the page would then be styled properly.
This is because Forms Authentication protects other resources from anonymous users when I specified in web.config that only authenticate users may use the web application.
<
authentication mode="Forms">
<forms loginUrl="~/login.aspx" name=".ADAuthCookie" timeout="20"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
The way to break out of this "trap" is to make the App_Themes directory available for anonymous acces. Below the is the independent <location> element that is placed below the main <system.web> to "free" App_Themes for everybody to enjoy the beautiful art work of the login page.
<system.web>
<!-- main config -->
</system.web>
<
location allowOverride="false" path="App_Themes">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>